chore(deps): bump undici from 7.25.0 to 7.28.0 in /apps/sim in the npm_and_yarn group across 1 directory#5151
Conversation
Bumps the npm_and_yarn group with 1 update in the /apps/sim directory: [undici](https://github.com/nodejs/undici). Updates `undici` from 7.25.0 to 7.28.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.25.0...v7.28.0) --- updated-dependencies: - dependency-name: undici dependency-version: 7.28.0 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryLow Risk Overview 7.28.0 is a security release that fixes multiple advisories (including WebSocket DoS, SOCKS5 TLS validation, and per-origin pool routing). The app uses Reviewed by Cursor Bugbot for commit 80204bb. Bugbot is set up for automated code reviews on this repo. Configure here. |
Greptile SummaryThis PR bumps
Confidence Score: 5/5Safe to merge — a single-line version bump in package.json applying a security release with no functional or API changes to application code. The change is a dependency upgrade driven by a security release. The new version is a patch/minor-compatible bump (7.25.0 → 7.28.0) and fixes 7 known vulnerabilities without removing or changing any public API that the application code consumes. There is no application logic modified. No files require special attention — only apps/sim/package.json is touched. Important Files Changed
Reviews (1): Last reviewed commit: "chore(deps): bump undici" | Re-trigger Greptile |
Bumps the npm_and_yarn group with 1 update in the /apps/sim directory: undici.
Updates
undicifrom 7.25.0 to 7.28.0Release notes
Sourced from undici's releases.
... (truncated)
Commits
f9eba0aBumped v7.28.0 (#5430)a027a4aBackport WebSocket maxPayloadSize fixes to v7.x (#5423)8cb10f9websocket: limit the number of fragments in a message04201f8fix: honor requestTls when proxy is SOCKS5fcd642ffix(socks5): preserve dispatch backpressure return value (#5166)bc98c97fix(socks5): use configured connector in Socks5ProxyAgent (#5168)9e1c743fix(socks5): encode embedded IPv4 tails in IPv6 literals correctly (#5099)376c8befix(socks5): enforce authenticated state before CONNECT (#5097)3805b8ffix(socks5-proxy-agent): use per-origin pools to prevent cross-origin routing...85a2405fix(cache): trim qualified field namesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.